Slashdot Mirror


Code Auditing the Defcon Way

An anonymous reader writes "Last weekend at Defcon, the best and brightest hackers got together to play Capture the Flag, a weekend-long hacking event that is the premier event of its kind. According to the results, Shellphish won (UC Santa Barbara students led by professor Giovanni Vigna). An article at SecurityFocus states that the competition was far more technical than in previous years, focusing on reverse engineering skills and code auditing." From the article: "The game required skills that are also required by both security researchers and hackers, such as ability to analyze attack vectors, understanding and automating attacks, finding new, unpredictable ways to exploit things... It's about analyzing the security posture of a system that is given to you and about which you initially know nothing."

4 of 74 comments

  1. More technical? by Alex+P+Keaton+in+da · · Score: 3, Insightful

    Sort of like when extreme sports went mainstream... Seems like this is a better way for people to show off their skills for the ever-growing, and ever more lucrative, security business...

    --
    And All I Ask is a Tall Ship And a Star to Steer Her By
    1. Re:More technical? by xcentrics · · Score: 2, Insightful

      "What it takes to be an elite hacker is to find vulnerabilities in custom software," said the Kenshoto member. "It is not code auditing per se. They have to reverse engineer, and we have made it difficult to reverse engineer."

      Real reverse engineering under Linux?!? Forget about it.
      I mean, the system is free, 98% of software is free. Therefore there are no commercial _exe_packers_ (I've never heard about it), so RE is not as hard as under Win, where anything can be packed, for example with Asprotect. If there were a new Asprotect for Unix systems, then it would be a real RE challenge...

      --
      "Kata ton daimona eay toy." (Be true to your soul).
  2. X (Hackers) Games by KarMax · · Score: 2, Insightful

    IMHO there is nothing WRONG about this kind of "x hacker games". There is a lot of this kind of stuff: Hollywood movies, popcorn books (like The Da Vinci Code by Dan Brown), among others.

    The problem is when it begins to be serious "news" or a serious "event".

    The article tries to remark that the event is "pro" or "serious"; don't get it...

    It's just a game!

    --
    Rock and Roll
  3. I would love to see network trace logs by abulafia · · Score: 2, Insightful
    I haven't been to Defcon since the third one... no time (at least I have the t-shirts), and now that I don't live nearby, it is hard to justify the expense and time off. Hell, I can't even have normal vacations, let alone conference junkets. But damn, this seems like it would have been a great year to have gone.

    I'm sure someone watched the wire for this event - if TCPdump (or whatever) traces of it are available anywhere, someone post a link. It would be a fascinating thing to waste my weekend on.

    --
    I forget what 8 was for.